CLAIMS 



1. A safety protection instrumentation system for a nuclear reactor 
constructed by using a digital logic, wherein the digital logic includes 
functional units in which output logic patterns corresponding to all input 
logic patterns are verified in advance and a functional module formed by 
combining the functional units. 

2. The safety protection instrumentation system according to claim 1, 
wherein each of the functional units individually implements the output 
logic patterns corresponding to all the input logic patterns on hardware and 
determines whether the output values coincide with predicted values 
calculated from design specifications. 

3. The safety protection instrumentation system according to claim 1, 
wherein the functional module includes only the functional unit having 
same gate structure as that of the functional unit whose performance is 
verified in advance. 

4. The safety protection instrumentation system according to claim 1, 
wherein the functional module formed by combination of the functional 
units includes a register thorough which an output from the functional unit 
is transmitted and a delay element used for adjusting the timing of signal 
processing in the functional unit. 

5. The safety protection instrumentation system according to claim 1, 
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wherein the functional module formed by combination of the functional 
units includes a register thorough which an output from the functional unit 
is transmitted and uses handshaking for transferring a signal between the 
functional unit that drives the register at different clock frequencies, among 
the functional units. 

6. The safety protection instrumentation system according to claim 1, 
wherein the safety protection instrumentation system includes software in 
which effective programs statements executed by hardware and input 
pattern groups indicating operation paths are described, uses branch 
coverage or toggle coverage used for evaluating the ratio of the input logic 
patterns or determining whether the number of the input patterns is 
sufficient, and determines whether the output logic patterns corresponding 
to the input logic patterns coincide with predicted patterns calculated from 
design specifications to verify the connection between the functional units. 

7. The safety protection instrumentation system according to claim 1, 
wherein the safety protection instrumentation system is structured so as to 
generate input patterns in accordance with design specifications of the 
functional module and to determine whether the output patterns 
corresponding to the input patterns in the functional module coincide with 
predicted values calculated from the design specifications. 

8. The safety protection instrumentation system according to claim 1, 
wherein the safety protection instrumentation system includes an analog-to- 
digital element that converts an analog signal pattern in accordance with 
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design specifications of the functional module into a digital value to generate 
a digital input pattern and a digital-to-analog element that converts an 
output corresponding to an input in the functional module into an analog 
value, and determines whether the analog value coincides with a predicted 
value calculated from the design specifications. 

9. The safety protection instrumentation system according to claim 1, 
wherein the safety protection instrumentation system performs addition or 
comparison of two variables in the functional unit to replace either one of 
the two variables with a constant that can be specified with an address 
having the number of bits smaller than that of the variable. 

10. The safety protection instrumentation system according to claim 1, 
wherein the functional unit has a function of passing an operation flag 
indicating normal completion of the operation, wherein the functional 
module has a function of monitoring the operation flag, and wherein the 
safety protection instrumentation system includes a trip evaluator that 
receives an output from the functional module and determines whether the 
operation flag is set and an abnormality diagnosis circuit that outputs an 
abnormal operation signal if the operation flag is not set. 

1 1 . The safety protection instrumentation system according to claim 1 , 
wherein the functional unit has a function of calculating maximum and 
minimum output values by a simple expression and a function of passing 
the maximum and minimum output values, and wherein the safety 
protection instrumentation system includes a trip evaluator that compares 
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signal values with the maximum and minimum output values to determine 
whether the signal values are appropriate and an abnormality diagnosis 
circuit that outputs an abnormal operation signal. 

12. The safety protection instrumentation system according to claim 1, 
wherein the safety protection instrumentation system includes a first safety 
protection instrumentation system that converts a digital output into an 
analog value and converts the analog value into an optical signal and a 
second safety protection instrumentation system that converts the optical 
signal into an analog value and converts the analog value into a digital value, 
and wherein the first safety protection instrumentation system is connected 
to the second safety protection instrumentation system. 

13. A method of operating a safety protection instrumentation system for a 
nuclear reactor constructed by using a digital logic, wherein output logic 
patterns corresponding to all input logic patterns in functional units in the 
safety protection instrumentation system are verified in advance. 

14. The method of operating a safety protection instrumentation system 
according to claim 13, wherein data processing in the functional units in the 
safety protection instrumentation system is serially performed in the order of 
connection, and the serial transmission of a signal is confirmed by 
monitoring an output timing and it is determined whether the signal is 
output as designed to verify the performance of the safety protection 
instrumentation system. 



15. The method of operating a safety protection instrumentation system 
according to claim 13, comprising the step of verifying whether the 
functional units in the safety protection instrumentation system have same 
structure as an internal structure when performance of the functional units 
is verified. 



